CVE-2013-0787 : Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla F

Use-after-free vulnerability in the nsEditor::IsPreformatted function in editor/libeditor/base/nsEditor.cpp in Mozilla Firefox before 19.0.2, Firefox ESR 17.x before 17.0.4, Thunderbird before 17.0.4, Thunderbird ESR 17.x before 17.0.4, and SeaMonkey before 2.16.1 allows remote attackers to execute arbitrary code via vectors involving an execCommand call.

Published 2013-03-11 10:55:01

Updated 2017-09-19 01:35:50

Source Mozilla Corporation

View at NVD, CVE.org

Vulnerability category: Memory CorruptionExecute code

Exploit prediction scoring system (EPSS) score for CVE-2013-0787

Probability of exploitation activity in the next 30 days: 9.68%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-0787

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2013-0787

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-0787

http://rhn.redhat.com/errata/RHSA-2013-0614.html

RHSA-2013:0614 - Security Advisory - Red Hat Customer Portal
http://www.mozilla.org/security/announce/2013/mfsa2013-29.html

Use-after-free in HTML Editor — Mozilla
Vendor Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=848644

848644 - (CVE-2013-0787) Use-after-free caused by us replacing the nsHTMLEditor's edit rules object while running scripts from the flush happening in nsEditor::IsPreformatted triggered by execCommand
http://www.securityfocus.com/bid/58391

Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0787 Remote Code Execution Vulnerability
http://rhn.redhat.com/errata/RHSA-2013-0627.html

RHSA-2013:0627 - Security Advisory - Red Hat Customer Portal
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00026.html

[security-announce] openSUSE-SU-2013:0468-1: important: seamonkey: updat
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00023.html

[security-announce] openSUSE-SU-2013:0465-1: important: MozillaThunderbi
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00028.html

[security-announce] SUSE-SU-2013:0470-1: important: Security update for
http://twitter.com/VUPEN/statuses/309505403631325184

Twitter / ?
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16737

Repository / Oval Repository
http://www.ubuntu.com/usn/USN-1758-1

USN-1758-1: Firefox vulnerability | Ubuntu security notices
http://www.debian.org/security/2013/dsa-2699

Debian -- Security Information -- DSA-2699-1 iceweasel

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00025.html

[security-announce] openSUSE-SU-2013:0467-1: important: MozillaFirefox:
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157

HPPSocialUserSignonPage - Hewlett Packard Enterprise Community

CVEs referencing this url
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00010.html

[security-announce] openSUSE-SU-2013:0431-1: important: Mozilla updates
http://twitter.com/thezdi/statuses/309484730506698752

Zero Day Initiative on Twitter: "@VUPEN pwned Mozilla Firefox using a UaF plus a new Windows 7 ASLR/DEP bypass technique then pwned Oracle Java with a heap overflow #Pwn2Own"

CVEs referencing this url

Products affected by CVE-2013-0787

Mozilla » Firefox
Versions up to, including, (<=) 19.0.1
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » Version: 19.0
cpe:2.3:a:mozilla:firefox:19.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird
Versions up to, including, (<=) 17.0.3
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 17.0
cpe:2.3:a:mozilla:thunderbird:17.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 17.0.1
cpe:2.3:a:mozilla:thunderbird:17.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird » Version: 17.0.2
cpe:2.3:a:mozilla:thunderbird:17.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey
Versions up to, including, (<=) 2.16
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16 Update Beta4
cpe:2.3:a:mozilla:seamonkey:2.16:beta4:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16 Update Beta5
cpe:2.3:a:mozilla:seamonkey:2.16:beta5:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16 Update Beta3
cpe:2.3:a:mozilla:seamonkey:2.16:beta3:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16 Update Beta1
cpe:2.3:a:mozilla:seamonkey:2.16:beta1:*:*:*:*:*:*
Matching versions
Mozilla » Seamonkey » Version: 2.16 Update Beta2
cpe:2.3:a:mozilla:seamonkey:2.16:beta2:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr » Version: 17.0.3
cpe:2.3:a:mozilla:firefox_esr:17.0.3:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr » Version: 17.0.2
cpe:2.3:a:mozilla:firefox_esr:17.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr » Version: 17.0.1
cpe:2.3:a:mozilla:firefox_esr:17.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox Esr » Version: 17.0
cpe:2.3:a:mozilla:firefox_esr:17.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird Esr » Version: 17.0
cpe:2.3:a:mozilla:thunderbird_esr:17.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird Esr » Version: 17.0.1
cpe:2.3:a:mozilla:thunderbird_esr:17.0.1:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird Esr » Version: 17.0.2
cpe:2.3:a:mozilla:thunderbird_esr:17.0.2:*:*:*:*:*:*:*
Matching versions
Mozilla » Thunderbird Esr » Version: 17.0.3
cpe:2.3:a:mozilla:thunderbird_esr:17.0.3:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-0787

Exploit prediction scoring system (EPSS) score for CVE-2013-0787

CVSS scores for CVE-2013-0787

CWE ids for CVE-2013-0787

References for CVE-2013-0787

Products affected by CVE-2013-0787